Apache HTTP Server: Difference between revisions
No edit summary |
|||
| (11 intermediate revisions by the same user not shown) | |||
| Line 12: | Line 12: | ||
The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate | The following virtual host has an HTTPS redirect and uses an LetsEncrypt ssl certificate | ||
<pre> | <pre> | ||
# contents of /etc/apache2/sites-available/ | # contents of /etc/apache2/sites-available/davidl_me.conf | ||
<VirtualHost *:80> | <VirtualHost *:80> | ||
ServerName www.davidl.me | ServerName www.davidl.me | ||
| Line 19: | Line 19: | ||
RewriteEngine on | RewriteEngine on | ||
RewriteCond %{ | RewriteCond %{HTTPS} !=on | ||
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] | |||
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] | ||
</VirtualHost> | </VirtualHost> | ||
| Line 50: | Line 50: | ||
</pre> | </pre> | ||
}} | }} | ||
;Notes | |||
* You can have multiple server aliases in one line: | |||
*: E.g. <code>ServerAlias cloud.davidl.me.local cloud.davidl.local</code> | |||
==Compression== | ==Compression== | ||
| Line 88: | Line 92: | ||
RewriteRule /(.*) ws://192.168.1.99/$1 [P,L] | RewriteRule /(.*) ws://192.168.1.99/$1 [P,L] | ||
RewriteCond %{HTTP:Upgrade} !=websocket | RewriteCond %{HTTP:Upgrade} !=websocket | ||
RewriteRule /(.*) http://192.168.1. | RewriteRule /(.*) http://192.168.1.99/$1 [P,L] | ||
ProxyPreserveHost On | ProxyPreserveHost On | ||
ProxyRequests Off | ProxyRequests Off | ||
| Line 98: | Line 102: | ||
ProxyPass "/wss2/" "wss://echo.websocket.org/" | ProxyPass "/wss2/" "wss://echo.websocket.org/" | ||
</pre> | </pre> | ||
;Notes | |||
* If you're proxying to an https url (e.g. <code>https://192.168.1.40/</code>, you will need to add <code>SSLProxyEngine on</code> | |||
** Furthermore, your https url will need to have a valid certificate for the domain you're proxying. | |||
==.htaccess== | ==.htaccess== | ||
| Line 103: | Line 111: | ||
To enable this feature, add <code>AllowOverride All</code> to your <code>apache.conf</code> for the directories you want to allow .htaccess files. | To enable this feature, add <code>AllowOverride All</code> to your <code>apache.conf</code> for the directories you want to allow .htaccess files. | ||
==Headers== | |||
Enable mod_headers with <code>sudo a2enmod headers</code>. | |||
Then you can add headers to your virtualhost: | |||
<pre> | |||
<VirtualHost *:80> | |||
#... | |||
# Prevents caching by search engines (Google) | |||
Header set X-Robots-Tag: noindex | |||
</VirtualHost> | |||
</pre> | |||
== | ==Access Control== | ||
See [https://httpd.apache.org/docs/2.4/howto/access.html Access Control]. | |||
See [https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html Require directivies]. | |||
Access restictions can be placed in <code>.htaccess</code> files or config files. | |||
They should always be placed within a directory or location element. | |||
To only allow lan access on a specific virtualhost: | |||
<pre> | |||
<VirtualHost *:80> | |||
#... | |||
<Location /> | |||
Require ip 192.168.1.1/24 | |||
</Location> | |||
</VirtualHost | |||
</pre> | |||
Common restrictions: | |||
* <code>Require all granted</code> and <code>Require all denied</code> | |||
* <code>Require local</code> localhost only | |||
;Note | |||
* <code>Allow</code>, <code>Deny</code>, and <code>Order</code> are deprecated. They still work but you shouldn't add them to new code. | |||
==HTTP2== | |||
[https://helgeklein.com/blog/2018/11/enabling-http-2-in-apache-on-ubuntu-18-04/ Guide] | |||
[https://tools.keycdn.com/http2-test Test website] | |||